ioc[.]one - OSINT Cyber Threat Intelligence Database

BadRabbit

Tags

country:	Bulgaria Germany Japan Russia Ukraine
attack-pattern:	Data Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Exploits - T1587.004 Exploits - T1588.005 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004

Show in Graph

Common Information

Type	Value
UUID	92c48acc-4888-4933-ab24-eeebb48d5b6e
Fingerprint	de213ddb40b727e8
Analysis status	DONE
Considered CTI value	0
Text language
Published	Oct. 24, 2017, midnight
Added to db	Aug. 31, 2024, 12:50 a.m.
Last updated	Oct. 15, 2024, 8:30 p.m.
Headline	UNKNOWN
Title	BadRabbit
Detected Hints/Tags/Attributes	50/2/21

Source URLs

	Redirection	Url
Details	Source	https://blog.group-ib.com/badrabbit

URL Provider

Details	Provider	Source level domain
Details	group-ib.com	blog.group-ib.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	36	✔	Blog Group-IB	https://blog.group-ib.com/rss.xml	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	5	www.fontanka.ru
Details	Domain	3	argumenti.ru
Details	Domain	5	argumentiru.com
Details	Domain	7	caforssztxqzf2nm.onion
Details	Domain	13	1dnscontrol.com
Details	Domain	3	webcheck01.net
Details	Domain	3	webdefense1.net
Details	Domain	3	secure-check.host
Details	Domain	3	firewebmail.com
Details	Domain	3	secureinbox.email
Details	Domain	3	secure-dns1.net
Details	Domain	35	group-ib.com
Details	Email	1	marketing@group-ib.com
Details	File	15	install_flash_player.exe
Details	File	10	c:\windows\infpub.dat
Details	md5	2	FBBDC39AF1139AEBBA4DA004475E8839
Details	IPv4	7	185.149.120.3
Details	IPv4	1	5.61.37.209
Details	Url	2	http://www.fontanka.ru
Details	Url	2	http://argumenti.ru
Details	Url	2	http://argumentiru.com